4 matches found
CVE-2025-10232
A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...
CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal
A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...
CVE-2025-10232
CVE-2025-10232 affects 299ko up to version 2.0.0. The vulnerability is in the file manager’s getSentDir/delete function (FileManagerAPIController.php), enabling remote, unauthenticated path traversal. Public exploit exists; vendor was contacted but did not respond. Mitigation/workarounds are not ...
PT-2025-37103
Name of the Vulnerable Software and Affected Versions: 299ko versions up to 2.0.0 Description: A weakness exists in 299ko due to path traversal in the getSentDir/delete function of the plugin/filemanager/controllers/FileManagerAPIController.php file. This issue is remotely exploitable, and the...